Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2007-5849

Published: 19/12/2007 Updated: 29/07/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Apple

Vulnerability Summary

Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 up to and including 1.3.4 allows remote malicious users to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.

Vulnerable Product Search on Vulmon Subscribe to Product

easy_software_products cups 1.3.3

easy_software_products cups 1.2.10

easy_software_products cups 1.2.12

easy_software_products cups 1.2.4

easy_software_products cups 1.2.9

Vendor Advisories

Ubuntu Security Notice: cupsys vulnerabilities
Wei Wang discovered that the SNMP discovery backend did not correctly calculate the length of strings If a user were tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code ...
Debian CVElist Bug Report Logs: cupsys: CVE-2007-6358 insecure file handling in pdftops filter script
Debian Bug report logs - #456960 cupsys: CVE-2007-6358 insecure file handling in pdftops filter script Package: cupsys; Maintainer for cupsys is (unknown); Reported by: Nico Golde <nion@debianorg> Date: Tue, 18 Dec 2007 18:21:04 UTC Severity: important Tags: security Fixed in version cupsys/135-1 Done: Kenshi Muto &lt ...
Debian CVElist Bug Report Logs: cupsys: CVE-2007-5849 stack-based buffer overflow leading to code execution in SNMP back-end
Debian Bug report logs - #457453 cupsys: CVE-2007-5849 stack-based buffer overflow leading to code execution in SNMP back-end Package: cupsys; Maintainer for cupsys is (unknown); Reported by: Nico Golde <nion@debianorg> Date: Sat, 22 Dec 2007 14:33:01 UTC Severity: grave Tags: patch, security Found in versions cupsys/12 ...
Debian Security Advisories: DSA-1437-1 cupsys -- several vulnerabilities
Several local vulnerabilities have been discovered in the Common UNIX Printing System The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5849 Wei Wang discovered that an buffer overflow in the SNMP backend may lead to the execution of arbitrary code CVE-2007-6358 Elias Pipping ...

Exploits

Exploit DB: Common UNIX Printing System 1.2/1.3 SNMP - 'asn1_get_string()' Remote Buffer Overflow
source: wwwsecurityfocuscom/bid/26917/info Common UNIX Printing System (CUPS) is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer Exploiting this issue allows attackers to execute arbitrary machine code in the contex ...

References

CWE-189http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.htmlhttp://docs.info.apple.com/article.html?artnum=307179http://bugs.gentoo.org/show_bug.cgi?id=201570http://www.cups.org/str.php?L2589http://www.debian.org/security/2007/dsa-1437http://www.gentoo.org/security/en/glsa/glsa-200712-14.xmlhttp://www.us-cert.gov/cas/techalerts/TA07-352A.htmlhttp://www.securityfocus.com/bid/26917http://secunia.com/advisories/28113http://secunia.com/advisories/28136http://secunia.com/advisories/28129http://secunia.com/advisories/28200http://www.ubuntu.com/usn/usn-563-1http://www.securityfocus.com/bid/26910http://secunia.com/advisories/28386http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00003.htmlhttp://secunia.com/advisories/28441http://www.novell.com/linux/security/advisories/suse_security_summary_report.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-January/msg00908.htmlhttp://secunia.com/advisories/28636http://secunia.com/advisories/28676http://www.mandriva.com/security/advisories?name=MDVSA-2008:036http://www.vupen.com/english/advisories/2007/4238http://www.vupen.com/english/advisories/2007/4242https://exchange.xforce.ibmcloud.com/vulnerabilities/39101https://exchange.xforce.ibmcloud.com/vulnerabilities/39097https://usn.ubuntu.com/563-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/30898/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook